With development of mobile communications network technologies, currently network security configuration requirements become higher. A currently common security configuration policy is performing same security configuration on all radio bearers corresponding to a user plane or all radio bearers of a same terminal. The user plane may be used to transmit service data of a terminal device, and a control plane may be used to manage the user plane, generate control signaling, and the like. A radio bearer in the user plane may be understood as a radio bearer for transmitting service data, and a radio bearer in the control plane may be understood as a radio bearer for transmitting control signaling. However, during actual application, terminal devices are different, and radio bearers used for communication are also different. Using different radio bearers of a same terminal device as an example, different radio bearers between the terminal device and a base station may be used to transmit different data services. For example, a bearer may be used to transmit voice data, a bearer may be used to transmit web page data, and a bearer may be used to transmit payment data. If same security configuration is performed on all radio bearers corresponding to a user plane or all radio bearers of a same terminal, a problem that current security configuration is not applicable to a current terminal device or radio bearer may be caused. It can be learned that applicability of security configuration in current security configuration technologies is relatively poor.